Comments of CDT on Cybersecurity, Innovation and the Internet Economy

The Center for Democracy & Technology ("CDT") respectfully submits these comments in response to the Commerce Departmentʼs Notice of Inquiry regarding cybersecurity, innovation, and the Internet economy (“NOI”). CDT is a nonprofit public interest organization dedicated to preserving and promoting openness, innovation, and freedom on the global Internet. We have been deeply involved in discussions with government agencies such as the Department of Homeland Security, with technology and communications companies, and with Congress, in working to develop cybersecurity solutions that protect civil liberties and preserve the open Internet. While it is clear that the United States faces significant cybersecurity threats from state actors, from private actors motivated by financial greed, and from terrorists, these threats can be mitigated in a way that protects privacy and promotes innovation.

The NOI asks broadly what measures should be taken to improve cybersecurity while sustaining innovation and asks stakeholders to help the Department develop an up-to- date understanding of the current public policy and operational challenges affecting cybersecurity. It seeks this information in connection with a report it is to prepare on cybersecurity, innovation, and the Internet economy. We applaud the Department for taking up this issue in a comprehensive way.

We focus our comments on approaches the Department might take to incentivize rather than to dictate private sector cybersecurity efforts. The Commerce Department should support information sharing that is necessary to cybersecurity while recognizing the extent to which the law already permits necessary information sharing. It should support careful use of government procurement power to enhance cybersecurity. Finally, to help ensure that consumer protection and privacy are built into identification and authentication programs, it should position itself to play a key role in implementing the National Strategy for Trusted Identities in Cyberspace.